But one threat that may frighten many consumers, and doesn’t necessarily yet rise to the level of a recall, is cybersecurity vulnerability.

The CPSC’s Recall Handbook states that companies must report products that “contain a defect that creates a substantial risk of injury to the public to warrant such remedial action.” But there are instances where security vulnerabilities with connected products have been exposed. In some cases, toys and other children’s products have been hacked, allowing the criminals to spy on children, track their movements, and even speak to them inappropriately.

At what point does this type of hacking present a “substantial hazard” warranting a recall as the CPSC requires? Hacking a medical device like a pacemaker can mean life or death. While a connected toy that’s mobile could pose a threat or inflict physical harm if commandeered by a hacker, these kinds of vulnerabilities usually don’t trigger a recall. In fact, in its notice of a public hearing, the commission said:

The consumer hazards that could conceivably be created by IoT devices include: Fire, burn, shock, tripping or falling, laceration, contusion, and chemical exposure. We do not consider personal data security and privacy issues that may be related to IoT devices to be consumer product hazards that the CPSC would address.

While cybersecurity vulnerability isn’t as high a priority for recall regulators, there are other regulations that might apply in helping to keep the public safe. The Children’s Online Privacy Protection Rule (COPPA), includes guidance from the Federal Trade Commission to clarify the law “can apply to the growing list of connected devices that make up the Internet of Things. That includes connected toys and other products intended for children that collect personal information, like voice recordings or geolocation data.”

Regardless of whether a product falls under these mandates, regulatory rules aren’t the only factors manufacturers must consider when it comes to product safety. Some retailers have stopped carrying children’s products that have reportedly been hacked, causing damaged brands and negative headlines across the country. And as far as most parents are concerned, these examples of hacking are very frightening. They may expect companies to recall vulnerable products – even if they are not technically required to do so.